Demand for single-sign-on (SSO) functionality in mobile devices is increasing. Traditionally, SSO techniques, such as Kerberos-based SSO, were limited to desktop computer applications. More recently SSO techniques have been applied to mobile devices with network-level access to an authentication server, such as a Kerberos Key Distribution Center (KDC). Mobile devices, however, spend significant time disconnected from the local area network (LAN), such as a corporate network, and enterprises may elect to not expose their authentication servers to a public network. In traditional systems, when a device is not connected to an enterprise network via, for example, an enterprise Wi-Fi connection, the mobile device SSO client on a mobile device may be unable to access the authentication server.
In addition, SSO techniques are often used to provide access to enterprise resources in, for example, and mobile device management (MDM) environment. Traditional SSO authentication techniques may, however, provide limited ability for a MDM system to monitor and/or control access to authentication servers, service servers, and/or SSO functionality.